Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0af4a214-5376-4a4f-9979-a272819e0f4c.roa
File:                     0af4a214-5376-4a4f-9979-a272819e0f4c.roa (raw, json)
Hash identifier:          VIffYfp4L0Yxz6WbIksmDSsp/aV1oaqndr4t/qYYr10=
Subject key identifier:   3A:58:FA:82:6B:27:9C:4F:4E:4A:77:E6:24:C3:9D:56:DA:AD:61:AA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2099C3BC8D7D7750C0E124C6959D973E9AB8B6CD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0af4a214-5376-4a4f-9979-a272819e0f4c.roa
Signing time:             Sun 14 Jul 2024 00:00:00 +0000
ROA not before:           Sun 14 Jul 2024 00:00:00 +0000
ROA not after:            Sun 18 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 14 Jul 2024 00:58:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:99:c3:bc:8d:7d:77:50:c0:e1:24:c6:95:9d:97:3e:9a:b8:b6:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 14 00:00:00 2024 GMT
            Not After : Aug 18 23:59:59 2024 GMT
        Subject: serialNumber=c6fd89668d69f9500dfc46e5841e90c9785e38383f1e53392c56e8aabfe9a38d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bd:66:54:7b:f5:d5:94:02:07:7a:b3:83:3d:
                    1c:05:74:16:e6:73:d8:9b:60:44:dc:3d:a2:ec:3d:
                    49:6c:4c:38:92:76:e0:54:12:0c:2a:3a:7e:c4:f9:
                    4f:41:89:cb:79:52:a2:6a:25:d9:5d:77:91:03:28:
                    91:f8:47:4b:b4:0d:44:83:d3:3a:38:c5:ae:4f:0d:
                    1f:13:22:34:6c:9a:b3:7f:2c:ac:bb:8b:ab:79:ee:
                    c2:38:75:cb:0a:60:88:2f:09:3b:3a:ea:dd:02:a0:
                    ea:f5:92:5c:38:08:a4:bd:f4:f0:34:67:cb:f0:c5:
                    e0:ba:8c:5d:e9:63:14:73:84:8f:3d:d3:c1:63:e4:
                    92:ef:b9:6d:e8:77:2c:8c:aa:a7:b5:bb:65:1a:54:
                    ce:59:9a:0d:96:5a:5f:6c:65:75:c3:be:62:fa:fb:
                    ac:6e:31:16:a3:97:65:7e:37:e3:7d:34:f1:19:0b:
                    c0:9b:76:ae:7c:24:27:21:b1:ab:aa:6f:4f:64:d3:
                    68:6d:65:5e:1e:d8:d2:94:eb:84:5d:58:1d:1e:c9:
                    da:f6:b5:24:d6:c8:2e:47:d1:bf:3e:84:c3:0a:c4:
                    b4:62:f0:51:26:da:54:0d:17:63:fc:76:72:0e:2c:
                    99:59:4d:57:48:02:24:2d:c9:95:82:b3:c9:e2:6f:
                    8b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:58:FA:82:6B:27:9C:4F:4E:4A:77:E6:24:C3:9D:56:DA:AD:61:AA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0af4a214-5376-4a4f-9979-a272819e0f4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d8:e1:c5:6b:aa:ab:84:74:7a:91:9b:dd:c2:dc:a0:6c:20:
         d0:47:0d:19:4b:2a:7e:b2:b4:d5:03:74:8b:3e:b6:b9:e3:04:
         19:6a:49:9f:25:dc:10:d2:26:94:f2:51:55:ea:5b:ee:f0:59:
         a0:33:7a:ec:56:93:d5:86:46:e8:eb:d7:6f:f7:1b:b2:2c:a3:
         74:9a:36:69:06:d3:19:91:75:f9:af:f5:58:76:50:42:8b:5d:
         2b:8f:3e:c1:41:e3:91:c8:71:3c:c9:2a:fe:18:1b:03:2a:4a:
         7a:50:21:7f:dc:d9:2f:2c:07:31:4a:9a:4e:23:a2:f1:de:d2:
         f2:0f:2c:eb:fb:6f:23:1e:f5:1a:8b:02:be:87:da:bc:1a:94:
         93:42:3d:d7:1a:bb:d3:c5:c6:22:09:7d:b2:10:79:e5:91:9d:
         b1:b1:07:f4:c5:6b:d2:cd:bd:23:6f:c0:c8:bf:16:bd:91:ab:
         e3:d8:b7:86:7a:0a:2f:82:c8:3b:72:7b:31:52:74:fe:88:77:
         82:29:34:0b:87:b2:ea:6a:01:02:f6:fe:6e:52:ea:63:70:0d:
         72:5b:29:4e:20:3c:55:27:28:a3:04:28:4e:0d:28:7b:30:2d:
         8d:18:fa:bb:02:d3:b1:b3:a3:b5:67:7f:9b:9b:2e:a8:b8:64:
         79:9d:45:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIJnDvI19d1DA4STGlZ2XPpq4ts0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzE0MDAwMDAwWhcNMjQwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNmZkODk2NjhkNjlmOTUwMGRmYzQ2ZTU4NDFlOTBjOTc4
NWUzODM4M2YxZTUzMzkyYzU2ZThhYWJmZTlhMzhkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrvWZUe/XVlAIHerODPRwFdBbmc9ibYETcPaLsPUlsTDiS
duBUEgwqOn7E+U9Bict5UqJqJdldd5EDKJH4R0u0DUSD0zo4xa5PDR8TIjRsmrN/
LKy7i6t57sI4dcsKYIgvCTs66t0CoOr1klw4CKS99PA0Z8vwxeC6jF3pYxRzhI89
08Fj5JLvuW3odyyMqqe1u2UaVM5Zmg2WWl9sZXXDvmL6+6xuMRajl2V+N+N9NPEZ
C8Cbdq58JCchsauqb09k02htZV4e2NKU64RdWB0eydr2tSTWyC5H0b8+hMMKxLRi
8FEm2lQNF2P8dnIOLJlZTVdIAiQtyZWCs8nib4uBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOlj6gmsnnE9OSnfmJMOdVtqtYaowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBhZjRhMjE0LTUzNzYtNGE0Zi05OTc5LWEyNzI4MTllMGY0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD/Y4cVrqquEdHqRm93C3KBsINBH
DRlLKn6ytNUDdIs+trnjBBlqSZ8l3BDSJpTyUVXqW+7wWaAzeuxWk9WGRujr12/3
G7Iso3SaNmkG0xmRdfmv9Vh2UEKLXSuPPsFB45HIcTzJKv4YGwMqSnpQIX/c2S8s
BzFKmk4jovHe0vIPLOv7byMe9RqLAr6H2rwalJNCPdcau9PFxiIJfbIQeeWRnbGx
B/TFa9LNvSNvwMi/Fr2Rq+PYt4Z6Ci+CyDtyezFSdP6Id4IpNAuHsupqAQL2/m5S
6mNwDXJbKU4gPFUnKKMEKE4NKHswLY0Y+rsC07Gzo7Vnf5ubLqi4ZHmdRX0=
-----END CERTIFICATE-----